Health care information exchanges are supposed to help protect patients if they find themselves under the care of a provider other than their doctor. But how do you protect the data itself?

Jericho Systems Corp. of Dallas is trying to demonstrate a consent software that gives patients a chance to see who’s asked for their medical records and why.

Electronic medical records are crucial to coordinating care among several physicians who may treat a patient. The drugs they prescribe may not interact well. Different physicians could be doing the same tests twice or more. Shared electronic medical records can help patients avoid allergic reactions when emergency caregivers are trying to save their lives. And by improving coordination, they can save quite a lot of money.

But they can also open the door to an invasion of privacy. So before a physician shares that record on an electronic health information exchange, the patient has to decide whether to allow it.

“If a patient is deciding whether to share that information, and potentially expose him or herself to financial risk or a threat to their employment, it would be much better if they could get a list of who’s accessed their record,” said David Staggs, Jericho’s chief technology officer. “They should have an opt-in choice with restrictions, not all or nothing. … That’s not tenable.”

Jericho and information technology students at the University of Texas at Austin are testing this software in a virtual medical record exchange pilot program for the federal government, which wants something like it for a nationwide exchange.

Improvements in patient consent are always welcome, said Joseph Lastinger, CEO of the North Texas Accountable Healthcare Partnership, which is hosting a patient information exchange across the region.

“If you’re a sick person, you may have seven physicians,” he said. “If you say yes to the release of some information and no to others, it requires somebody to do some very, very sophisticated parsing of information. OK, that’s great, that’s ultimately where we should go. But it’s not easy. It’s not even close to easy. And it’s going to take a lot of money.”

The North Texas Accountable Healthcare Partnership has physicians ask their patients for blanket consent for sharing these records. Lastinger said all but about 3 or 4 percent have declined to let their records go into the exchange; tens of thousands of others have given their consent.

Staggs said Jericho has a way for patients to audit what goes on with their health information in a manner that’s similar to checking a credit card statement, but in real time, online.

A more refined patient consent form would give patients the opportunity to screen out information on sensitive matters like mental health care or genetic makeup that they might fear would let employers discriminate on hiring and promotion practices, Staggs said.

Lastinger said the North Texas Accountable Healthcare Partnership already blocks employers and insurers from getting access to the information, and limits what a hospital or physician can see to one patient at a time.

When all Americans have electronic medical records, information exchanges might be able to use Germany’s “two-key” patient consent method — where the record only becomes available once the physician and the patient both enter their keys.

In the meantime, Lastinger said the need to improve care coordination makes electronic records essential.

“We have to solve this problem. Patient information has to be shared,” he said.